Anyconnect VPN IOS Router Groups ACL

I am looking for a solution for a problem I have. I am used to using multiple contexts in anyconnect on the ASA which tie my user groups (via AD) and provide the ability to segment anyconnect users into groups, and thereby segment "what" they have access to (via ACL under policy). In testing with a router and IOS, this doesn't appear there. Is there a way to use DACL's? Filter or some other method that can filter based upon AD group? Or even based upon the user logging in (NPS radius authentication)?

Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...
view more